Navigating the Complexities of GDPR - A Guide for Business
Introduction
Since its implementation in May 2018, the General Data Protection Regulation (GDPR) has shaped how businesses handle personal data. Yet many still struggle to understand its full implications, especially with the recent introduction of the Data (Use and Access) Bill, which brings significant changes to the UK GDPR and related laws.
Join us for a practical virtual classroom session designed for those with little or no prior experience in data protection. This session provides a clear, easy-to-understand overview of the core concepts that apply to any workplace, helping you grasp the essential elements of GDPR compliance.
Through engaging exercises and real-world examples, you will learn to tackle common data protection challenges with practical, risk-focused solutions. You will also gain the confidence to apply GDPR principles to your work and make informed decisions about data privacy.
In addition, this session will provide timely updates on the Data (Use and Access) Bill, ensuring you are aware of the latest developments that could impact your business. Don't miss this opportunity to enhance your understanding and stay ahead of compliance requirements - sign up today!
What You Will Learn
This live and interactive session will cover the following:
- Applicable rules
  - What are the differences between the UK GDPR and the EU GDPR, and which one applies?
- Key terminology
  - What do the key terms of the UK GDPR and the DPA 2018 mean?
  - ‘Personal Data’ v ‘Special Categories’
  - ‘Controller’ v ‘Processor’
- Principles
  - What are the principles and what do they mean practically for firms and for employees?
  - What is meant by ‘accountability’?
  - Is consent required to process personal data?
- Data Subjects’ Rights
  - What are the key rights that data subjects have?
  - What needs to be done when a request is received from a data subject?
- Security
  - What are the key areas of risk in respect of security breaches?
  - What needs to be done if there is a security breach?
- Direct marketing
  - UK GDPR and the Privacy and Electronic Communications Regulations 2003 - how do they interact in practice?
  - How is ‘marketing’ defined?
  - What lawful bases can be relied upon? Consent v legitimate interests?
  - Opt-out v opt-in - which approach should be used?
- Enforcement Regime
  - What enforcement options are available to the ICO?
  - In what circumstances will the ICO issue a civil monetary penalty?
  - What are the factors considered by the ICO in determining the amount?
  - What mitigating steps can be taken to reduce the likelihood of a civil monetary penalty?
Recording of live sessions: Soon after the Learn Live session has taken place, you will be able to access the recording should you wish to revisit the material discussed.